SecurityError: Permission denied to access property on cross-origin object laravel/javascript

Question

I have a laravel app. i have two urls

Route::get('/', function () {
    return view('welcome');
});

Route::get('/pdf', function () {
    $headers = [
        'Access-Control-Allow-Origin' => 'http://cms.test'
    ];
    return response()->file('test.pdf', $headers);
});

inside welcome i have added an iframe

<iframe src="{{ url('pdf') }}" width="100%" height="80%" id="test_frame" ></iframe>

now when i do

window.frames["test_frame"].contentWindow

it gives Restricted http://cms.test/pdf:Object

and when i try to access any property on the contentWindow i get

SecurityError: Permission denied to access property "getSelections" on cross-origin object

i have tried package "barryvdh/laravel-cors": "^0.11.2",

please help. I don't know how am I having different origins?

Edited: I now know that the document.URL of iframe is "about:blank"

Answer 1

Waitting for answers